Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-10-30 20:12:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
tpotce/docker/ipphoney/dist/honeypot.cfg

313 lines
7.5 KiB
INI
Raw Normal View History

start prepping for ipphoney
2020-08-24 15:55:50 +00:00
# DO NOT EDIT THIS FILE!
# Changes to default files will be lost on update and are difficult to
# manage and support.
#
# Please make any changes to system defaults by overriding them in
# honeypot.cfg
#
# To override a specific setting, copy the name of the stanza and
# setting to the file where you wish to override it.
# ============================================================================
# General Honeypot Options
# ============================================================================
[honeypot]
# Sensor name is used to identify this honeypot instance. Used by the database
# logging modules such as JSON.
#
# If not specified, the logging modules will instead use the host name of the
# server as the sensor name.
#
# (default: the name of the local machine)
#sensor_name = myhostname
# Name of the web server on the simulated printer.
#
# (default: Lexmark_Web_Server)
server_name = Lexmark_Web_Server
# Directory where to save log files in.
# Log files are <log_filename>.YYYY-MM-DD in that directory
#
# (default: log)
log_path = log
# Log file name
#
# (default: stdout)
#log_filename =
# Directory containing the response files
#
# (default: responses)
#responses_dir = responses
# Directory where to save downloaded artifacts in.
#
# (default: dl)
#download_path = dl
# Whether to save the files sent for printing
# (default: true)
#download_files = true
# Maximum file size (in bytes) for downloaded files to be stored in 'download_path'.
# A value of 0 means no limit. If the file size is known to be too big from the start,
# the file will not be stored on disk at all.
#
# (default: 0)
#download_limit_size = 0
# ============================================================================
# Network Specific Options
# ============================================================================
# Port to listen for incoming connections.
#
# (default: 631)
#listen_port = 631
# Site to query for one's public IP address
#
# (default: https://ident.me)
#public_ip_url = https://ident.me
# Enable to log the public IP of the honeypot (useful if listening on 127.0.0.1)
# IP address is obtained by querying public_ip_url
#
# (default: false)
#report_public_ip = false
# ============================================================================
# Output Plugins
# These provide an extensible mechanism to send audit log entries to third
# parties. The audit entries contain information on clients connecting to
# the honeypot.
#
# Output entries need to start with 'output_' and have the 'enabled' entry.
# ============================================================================
# CouchDB logging module
#
#[output_couch]
#enabled = false
#host = localhost
#port = 5984
#username = ipphoney
#password = secret
#database = ipphoney
#geoip = true
# Location of the databases used for geolocation
#geoip_citydb = data/GeoLite2-City.mmdb
#geoip_asndb = data/GeoLite2-ASN.mmdb
# Elasticsearch logging module
#
#[output_elastic]
#enabled = false
#host = localhost
#port = 9200
#index = ipphoney
#
# type has been deprecated since ES 6.0.0
# use _doc which is the default type. See
# https://stackoverflow.com/a/53688626 for
# more information
#
#type = _doc
#
# set pipeline = geoip to map src_ip to
# geo location data. You can use a custom
# pipeline but you must ensure it exists
# in elasticsearch.
#
#pipeline = geoip
#
# Authentication. When x-pack.security is enabled
# in ES, default users have been created and requests
# must be authenticated.
#
# Credentials
#
#username = ipphoney
#password = secret
#
# TLS encryption. Communications between the client (ipphoney)
# and the ES server should naturally be protected by encryption
# if requests are authenticated (to prevent from man-in-the-middle
# attacks). The following options are then paramount
# if username and password are provided.
#
# use ssl/tls
#ssl = true
# verify SSL certificates
#verify_certs = true
# Path to trusted CA certs on disk
#ca_certs = /path/to/cert/file/elastic_ca.crt
# HPFeeds
#
# Note the lack of "s" at the end:
[output_hpfeed]
enabled = false
#server = hpfeeds.mysite.org
#tlscert = /path/to/tls/cert/file
#port = 10000
#identifier = abc123
#secret = secret
#channel = ipphoney
# InfluxDB 2.0 logging module
#
#[output_influx2]
#enabled = false
#host = hostname
#token = token
#org = organization
#bucket = ipphoney
# JSON based logging module
#
[output_jsonlog]
enabled = true
logfile = log/ipphoney.json
epoch_timestamp = false
# MongoDB logging module
#
#[output_mongodb]
#enabled = false
#host = 127.0.0.1
#port = 27017
#username = ipphoney
#password = secret
#database = ipphoney
# Note: .format(username, password, host, port, database) is done
# on the following string; make sure that there are 5 placeholders ({}) in it
#connection_string = mongodb://{}:{}@{}:{}/{}
# Whether to store geolocation data in the database
#geoip = true
# Location of the databases used for geolocation
#geoip_citydb = data/GeoLite2-City.mmdb
#geoip_asndb = data/GeoLite2-ASN.mmdb
# MySQL logging module
# Database structure for this module is supplied in docs/sql/mysql.sql
#
# MySQL logging requires extra software: sudo apt-get install libmysqlclient-dev
# MySQL logging requires an extra Python module: pip install mysql-python
#
#[output_mysql]
#enabled = false
#host = localhost
#database = ipphoney
#username = ipphoney
#password = secret
#port = 3306
#debug = false
# Whether to store geolocation data in the database
#geoip = true
# Location of the databases used for geolocation
#geoip_citydb = data/GeoLite2-City.mmdb
#geoip_asndb = data/GeoLite2-ASN.mmdb
# PostgreSQL logging module
#
#[output_postgres]
#enabled = false
#host = hostname
#username = ipphoney
#password = secret
#port = 5432
#database = ipphoney
#debug = false
# Whether to store geolocation data in the database
#geoip = true
# Location of the databases used for geolocation
#geoip_citydb = data/GeoLite2-City.mmdb
#geoip_asndb = data/GeoLite2-ASN.mmdb
# RedisDB logging module
#
#[output_redisdb]
#enabled = false
#host = 127.0.0.1
#port = 6379
# DB of the redis server. Defaults to 0
#db = 0
# Password of the redis server. Defaults to None
#password = secret
# Name of the list to push to or the channel to publish to. Required
#keyname = ipphoney
# Method to use when sending data to redis.
# Can be one of [lpush, rpush, publish]. Defaults to lpush
#send_method = lpush
# SQLite3 logging module
#
# Logging to SQLite3 database. To init the database, use the script
# docs/sql/sqlite3.sql:
# sqlite3 <db_file> < docs/sql/sqlite3.sql
#
#[output_sqlite]
#enabled = false
#debug = false
#db_file = data/ipphoney.db
# Whether to store geolocation data in the database
#geoip = true
# Location of the databases used for geolocation
#geoip_citydb = data/GeoLite2-City.mmdb
#geoip_asndb = data/GeoLite2-ASN.mmdb
# Local Syslog output module
#
# This sends log messages to the local syslog daemon.
#
#[output_localsyslog]
#enabled = false
# Facility can be:
# KERN, USER, MAIL, DAEMON, AUTH, LPR, NEWS, UUCP, CRON, SYSLOG and LOCAL0 to LOCAL7.
#
# default: USER
#facility = USER
# Text output
# This writes audit log entries to a text file
#
#[output_textlog]
#enabled = false
#logfile = log/ipphoney.txt
# TODO:
# Rethinkdb output module
#
#[output_rethinkdblog]
#enabled = false
#host = 127.0.0.1
#port = 28015
#table = events
#db = ipphoney
#password =
# InfluxDB logging module
#
#[output_influx]
#enabled = false
#host = 127.0.0.1
#port = 8086
#database_name = ipphoney
#retention_policy_duration = 12w
# Kafka logging module
#
#[output_kafka]
#enabled = false
#host = 127.0.0.1
#port = 9092
#topic = ipphoney
Reference in a new issue Copy permalink